COMMENTARY: A few weeks ago, a friend of mine with zero film experience used Seedance 2.0 to produce a 30-second clip that could pass for a Marvel movie fight scene.No storyboarding background, no motion graphics skills, no VFX software. Just a text prompt and a frontier model that turned a vague creative intention into polished output. Two years ago, that same clip would have required a VFX studio and a six-figure budget.[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.Read more Perspectives here.]I keep thinking about that clip because the same dynamic has played out in offensive cyber, and a recent breach in Mexico is the clearest proof yet.
The recent Mexico cyberattack
According to researchers at Gambit Security, an unknown actor used Anthropic's Claude Code in a month-long campaign beginning in late December 2025, targeting Mexico's federal tax authority, the national electoral institute, Mexico City's civil registry, multiple state governments, and Monterrey's water utility.More than 1,000 prompts later, the attacker exfiltrated 150 gigabytes of government data, including records tied to 195 million taxpayers. But the detail that matters most isn't the scale. It's what happened when the attacker got stuck.
Around the third week, the operator couldn't figure out lateral movement. So they opened a ChatGPT session and asked for help: how to move through the compromised networks, which credentials were needed for which systems, how likely the operation was to get detected. This was someone who needed a second chatbot to explain what to do when the first chatbot's plan stopped working.A year ago, this person probably couldn't have breached a single Mexican government agency. That’s where the industry should pay attention.
AI supplies the competence most humans don’t have
What generative video did to VFX is what LLMs will do to offensive tradecraft. My friend's Marvel clip doesn't look like the best VFX I've ever seen, but it looks like it was made by someone who knows what they're doing. The Mexico campaign isn't the most sophisticated attack ever run, but it looks like it was run by someone who knows what they're doing. In both cases, the model supplied the competence the human lacked.The Mexico case represents one example in a growing body of evidence. In February, AWS published findings on a low-to-medium skill actor, likely a single person, who used commercial AI to compromise more than 600 FortiGate devices across 55 countries in five weeks.No zero-days involved, just exposed management ports and weak credentials, scaled by AI-generated tooling. Anthropic has disclosed a case involving a solo operator who automated recon, credential harvesting, and ransom note generation across 17 organizations in a single month. Unit 42 describes an extortion actor who stole data, but had no follow-through plan, so they asked an LLM to write one. The model produced a polished extortion strategy, complete with deadlines and pressure tactics.What connects these cases isn't just that attackers are using AI. It's that AI helps people execute attacks they otherwise wouldn't have the skill to run. The FortiGate actor couldn't compile custom exploits or debug failures. The Mexico operator needed ChatGPT to explain lateral movement. The extortion actor literally didn't know what to do with data they'd already stolen. These are script kiddies suddenly able to punch well above their weight class.
AI doesn’t raise the ceiling, it raises the floor
Google's Threat Intelligence Group offers a useful counterpoint. GTIG noted in late 2025 that while LLMs have become essential to state-backed actors' research and targeting, they haven't observed anyone developing genuinely new capabilities that alter the threat landscape. In other words, AI hasn't raised the ceiling much, but it’s raising the floor significantly.The FortiGate campaign illustrates what that means in practice. Whenever that actor hit real defenses, they simply moved on to the next soft target. AI gave them the speed to churn through hundreds of poorly defended environments at a pace that used to require a team. A mediocre operator who can credibly hit hundreds of soft targets simultaneously represents a different kind of problem than a sophisticated attacker going after one hard target.Today, we’re looking at a multi-model workflow, which matters for anyone who thinks guardrails alone solve the problem. The Mexico attacker bounced between Claude and ChatGPT. The FortiGate actor used multiple LLM providers in complementary roles. OpenAI has acknowledged that threat actors operate across platforms. The operator who gets rejected by one model asks another. The one rejected everywhere downloads an open-source model with no restrictions. While it’s important to make individual models refuse malicious prompts, it’s not going to contain this threat on its own.My main concern here: AI use has already moved past the "ask a chatbot, copy the answer" phase. Google documented malware that queries LLMs mid-execution to generate recon commands on the fly: not a human copying an answer, but code calling a model API as part of its own execution loop.Enough low-skill operators can now produce work that used to require years of experience and a team. The skill floor in offensive cyber has risen sharply, and it will keep rising every quarter the models improve. The models are improving fast.Security teams are asking the wrong question. It's not whether AI will create a new class of elite hackers. It's that the threat has already changed. The models aren't just helping experts move faster. They're handing attack capability to people who never had the skills to run one. And we haven’t really yet figured out what to do about it.Vineet Edupuganti, chief executive officer, Cogent SecuritySC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
AWS Continuum utilizes model-agnostic AI, drawing from various frontier models to analyze structured data like infrastructure and code, as well as unstructured data such as documents and communications.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
